Microsoft Azure Open Management Infrastructure remote command execution

Added: 09/28/2021

Background

Microsoft Azure Open Management Infrastructure is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards.

Problem

A vulnerability in Open Management Infrastructure allows remote attackers to execute arbitrary commands by sending a SOAP ExecuteShellCommand request without an Authorization header.

Resolution

Upgrade to Open Management Infrastructure 1.6.8-1 or higher.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/

Back to exploit index